Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2023-28709 | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. | 7.5 |
| 2023-05-15 | CVE-2022-47937 | Unspecified vulnerability in Apache Sling Commons Json Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. | 9.8 |
| 2023-05-12 | CVE-2023-28936 | Unspecified vulnerability in Apache Openmeetings Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | 5.3 |
| 2023-05-12 | CVE-2023-29032 | Unspecified vulnerability in Apache Openmeetings An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0 | 8.1 |
| 2023-05-12 | CVE-2023-29246 | Unspecified vulnerability in Apache Openmeetings An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | 7.2 |
| 2023-05-08 | CVE-2023-25754 | Unspecified vulnerability in Apache Airflow Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. | 9.8 |
| 2023-05-08 | CVE-2023-29247 | Unspecified vulnerability in Apache Airflow Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. | 5.4 |
| 2023-05-08 | CVE-2023-31038 | Unspecified vulnerability in Apache Log4Cxx SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. | 8.8 |
| 2023-05-08 | CVE-2023-31039 | Unspecified vulnerability in Apache Brpc Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. | 9.8 |
| 2023-05-05 | CVE-2021-40331 | Unspecified vulnerability in Apache Ranger An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. | 8.1 |